-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy path.trivyignore
More file actions
29 lines (23 loc) · 1.08 KB
/
.trivyignore
File metadata and controls
29 lines (23 loc) · 1.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# List any vulnerability that are to be accepted
# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/
# for more details
# This is a false positive CVE
# See: UID2-5492
CVE-2022-37767
# This is a false positive CVE
# See: UID2-5493
CVE-2025-1686
# gnutls DoS vulnerability via crafted ClientHello - not impactful as gnutls is not used by our Java service
# See: UID2-6655
CVE-2026-1584 exp:2026-08-27
# jackson-core async parser DoS - not exploitable, services only use synchronous ObjectMapper API
# See: UID2-6670
GHSA-72hv-8253-57qq exp:2026-09-01
# libexpat NULL pointer dereference in Alpine base image - not exploitable, our Java services do not use libexpat
# Fixed in libexpat 2.7.5, not yet available in eclipse-temurin Alpine 3.23 base image
# See: UID2-6806
CVE-2026-32776 exp:2026-04-25
# Trivy reports CVE-2026-32776 with transposed digits (32767 instead of 32776) - this is a known Trivy bug
# See: https://github.com/aquasecurity/trivy/discussions/10412 and UID2-6806
# This entry can be removed once Trivy fixes the typo
CVE-2026-32767 exp:2026-04-25